Why Pokemon Go Should Be a No Go

GET in touch with CSSW TODAY!

BLOG POST

Our Happy Clients

CSSW takes care all my business information technology. I don't have to worry about my computers, networks or staff not working. Thanks team for taking care of us.

Rick Crawford

Did you ever think that a legitimate game app could endanger your security? Naysayers have not yet heard of the most popular game ever downloaded in United States history. The game is Pokémon Go.

This is a game meant to be played on your smartphone; it melds virtual technology with the real world. It’s a free download, but, people in the IT field have serious reservations about this free app and your or your company’s security. It seems as if you give up a lot when you download Pokémon Go and are a Google user.

A Quick Description of the Game

Pokémon Go is manufactured by Niantic Inc. It is the latest iteration of the Pokémon franchise which has been around for over 30 years.

The most important feature of Pokémon Go is that you still train Pokémon characters but instead of doing so in a virtual world, you do so in the real world. As a player, you meander outside until you come across a Pokémon. The game knows where you are through your GPS which it receives as data from your smartphone. When you get an alert that there is a Pokémon nearby you catch it by hurling a Poké ball at it – hit it and the Pokémon is yours. You can see the character through your smartphone camera viewfinder which overlays it on the real world. The game is considered an augmented reality game.

Pokémon Risks for Google Users

There are two ways a user can download Pokémon Go. The first is to sign in using your Google account. The second is to log in using the Pokémon Trainer Club. But, as of July 2016, signing up from the Pokémon Trainer clubs has been suspended, leaving Google users only the Google account way of playing.

And this is where the problems start.

Downloads from the Google Play Store fail to alert users that Niantic as well as Google now have access to your Google account. Google does not mention what permissions are given to Niantic but does say Google will have full access to your account. This means the application is able to see and modify all information in your and/or your company’s Google account.Google itself warns that “Full Access” privileges should only be given to apps that are completely trusted by you that you install on your computer, tablet or phone.

The game is so popular it may soon eclipse Google Maps and Snapchat for total daily users in the United States, making it a target rich environment for hackers. The game is so popular, that in early July of 2016, Niantic servers crashed due to the enormous number of download requests made through its site, which helped Niantic decide to suspend downloads from its site. Many IT experts think the Niantic servers failed due to a denial of service attack by a group of cyber criminals known as the PoodleCorp. In addition, there are a number of counterfeit games that are actually scams that contain malware, also known as ransomware, that can lock your smartphone and hold it for ransom.

Since the game uses Geolocation as a part of the action, there have been reports of individuals and groups disturbing homeowners looking to catch rare Pokémon. Also, the Geolocation feature has reportedly been used by IRL criminals to lure players to remote areas where the players are then robbed at gunpoint.

Manage IT Service Providers to the Rescue

The trend for businesses has been to utilize a method of accessing data and software known as BYOD, an acronym meaning Bring Your Own Device. It is likely that sooner rather than later, hackers will use employee devices with Pokémon Go loaded on a smartphone as a way to infiltrate company data storage and software. When this occurs, your business will suffer from claims from customers and others for identity theft. Trade secrets can be at risk as well as customer lists. You may even be a target for ransomware and either lose access to your data or pay a large sum to get it back.

Most reputable managed IT services have tools to deal with these attacks known as mobile device management solutions. Already many companies have banned the game from any device that can access its data systems and software. The best way to avoid your privacy or your company’s computer system from being at risk is to not download the game.

CSSW Computers is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (952) 758--7272 or send us an email at info@csswcomputers.com for more information.